A Threatening Business Model: Ransomware as a Service (RaaS)

A Threatening Business Model: Ransomware as a Service (RaaS)

Ransomware is a serious threat to businesses, and it’s getting worse. While individuals were struggling against such attacks, fraudsters went a step further and started offering ransomware-as-a-service (RaaS). Through this business model, cybercriminals offer a malicious kit that can be used to perform ransomware attack services at little or no cost. Ransomware is becoming a major concern worldwide, with 54% of organizations surveyed being attacked in 2017 and another 31% expected to be attacked in the future. In 2021, these attacks increased dramatically.   What is ransomware as a service (RaaS) and why is it such a big threat? Ransomware is a type of malware that encrypts files and locks them, making decryption nearly impossible without a key or by exploiting vulnerabilities in the encryption implementation. Ransomware as a service (RaaS) is a subscription-based model that allows affiliates to run them using pre-developed ransomware tools. Each successful ransomware payment earns affiliates a commission. RaaS allows anyone, even if they have no technical expertise, to launch attacks by simply subscribing to a service. They are readily available on the dark web, where they are advertised in the same way as legal products. Since RaaS users do not need to have any knowledge, or even experience, to use the tool effectively, RaaS solutions allow even the most inexperienced hackers to carry out very intricate cyberattacks. Not only is ransomware cheap to buy and download, it is also simple to spread, making any organization a target in today’s digital world. Ransomware is becoming increasingly expensive to pay, which means that this type of attack is becoming more and more profitable for attackers....
Server virtualization and its advantages

Server virtualization and its advantages

Due to the progress in communications and digital solutions, server virtualization is becoming a very beneficial resource. Server virtualization is a way to take advantage of the full potential of a computer installed on the premises, or to transfer it to another location without suffering any inconvenience. Generally, most existing servers are underutilized, with about 15 percent of their performance potential untapped. Let’s take a look at some of the benefits of virtualizing a company’s servers:   Cost reduction. Savings is one of the strengths of server virtualization. By taking full advantage of them, it is not necessary to invest in new equipment or keep unused equipment on. Energy consumption is therefore reduced. In addition, fewer servers mean savings in maintenance, both in time and money. Also, when we decide to virtualize, the hardware reduction is 22% and, more importantly, the annual cost savings can be up to 23%, depending on the configuration.   Improved security A virtual server can be easily scheduled for regular backups and stored remotely. In case of failure, recovery is much faster and more accessible.   Possibility to create a test environment Since a server space can be segmented to operate independently, it gives us the opportunity to develop a test environment. This environment can be developed without the need to deploy an external server and without the danger of a failure affecting the other servers. For example, applications can be installed and all the necessary processes can be executed before they are moved to the working environment. This minimizes errors and the time it would take to fix them if they were done...
6 tips for SMEs to protect their data

6 tips for SMEs to protect their data

SMEs, as they have more limited budgets, have to choose carefully the technological solutions they want to invest in: ERP solutions, CRM systems, financial tools, etc. Today, cybersecurity solutions have also become essential for SMEs, as a simple attack can jeopardize their business, with irrecoverable financial consequences. HodeiCloud, a leading provider of cloud-based IT, security and compliance solutions, offers a few tips for SMEs to protect their data in the same way as large companies, but with a budget to match. Never minimize your value Many times SMBs think that they are not targets for hackers and that they can be immune to cyberattacks. In reality, these SMEs can become as good a target as any other, and even a relatively easy entry point for a cyberattack aimed at compromising a larger company they are doing business with. Since most large companies have sophisticated security defenses, hackers have begun to identify and attack their weakest points. Prepare your employees Hackers prey on employees the most. Therefore, it is very important to inform employees about security policies such as password management and cybersecurity, educating them on how to recognize cyberattacks and avoid falling into cyber traps such as phishing and social engineering. An ongoing training program is needed to raise employee awareness of new and emerging cybersecurity risks and ensure discipline in protecting company data. Use affordable technologies. Today, there is more exposure to IT security risks, but there are also affordable new technologies that SMEs can adopt to secure their IT environments and protect their data. The cloud, for example, offers SMBs the opportunity to increase their IT and...
Data of 134,004 users exposed by a cybersecurity breach at Quirón

Data of 134,004 users exposed by a cybersecurity breach at Quirón

Passwords and e-mail addresses of at least 134,004 users were exposed by a cybersecurity failure that Hospital Quirón suffered in its web page. Through this page, it markets its online medical services, coronavirus tests, genetic analysis, medical check-ups and cosmetic surgery services. Fortunately, the company has fixed the problem and there is no evidence that any data has been stolen. This type of failure allows third parties to access user data, which does not necessarily mean that information is being stolen. The security flaw allowed SQL Injection attacks. SQL stands for Structured Query Language, a programming language designed to access information stored in databases.  To steal information by accessing databases, malicious code is injected into computer programs via SQL. If the attacked program has not been built with security guarantees or the operating system has not been properly updated, there is a high probability that the attack will succeed. In the case of Quirón, the flaw was discovered by cybersecurity expert and bug hunter Touseef Gul. Currently, it has been communicated from Quirón that it is “a minor problem that has already been fixed“. The cybersecurity flaw was reported in May and was fixed shortly thereafter. The SQL attack explained: A SQL Injection attack consists of obtaining private information from a DDBB that should normally only be available to privileged users (e.g., DDBB Administrators). This information can be used to gain privileged access to applications or to steal confidential information. These attacks usually occur by exploiting a vulnerability in a public application (e.g. web form) which, in turn, has access to the DDBB. The vulnerabilities can come from an...
The Basque Cybersecurity Centre visits HodeiCloud

The Basque Cybersecurity Centre visits HodeiCloud

A fortnight ago we received a visit from Javier Diéguez and Raquel Ballesteros, from the Basque Cybersecurity Centre. They wanted to get to know HodeiCloud: what the company does, what are its objectives, in what environment it works… Here we will briefly explain the highlights of HodeiCloud, which were presented to the two members of the Basque Cybersecurity Centre. Firstly, it should be noted that HodeiCloud is one of the few companies in our ecosystem that focuses on providing cybersecurity services to freelancers and SMEs. There are several multinational brands that offer their services in this area, but they are aimed more at large companies. That is why the product offered by HodeiCloud adapts to the needs of smaller companies, while also adapting to their budget. HodeiCloud’s product consists of a comprehensive virtual desktop in the cloud called iHodei, which has been developed through Cloud Computing and Artificial Intelligence technology. This remote desktop allows companies to keep their local servers and in this way they can access from anywhere at any time to all programs, ERP, CRM, databases… and also from any device. Given that most SMEs and freelancers do not have an IT department, HodeiCloud focuses on responding to their cybersecurity and teleworking problems. To make this possible, HodeiCloud designs a plan that is 100% adapted to the needs and characteristics of the companies. The ultimate goal is always that companies are not paralysed by theft, virus or hacking, but that they are protected at all times and do not have any security breach. HodeiCloud is equipped with the best software, and also uses virtualisation techniques to increase...
Companies of all sizes targeted by cybercriminals

Companies of all sizes targeted by cybercriminals

As a result of the pandemic, there has been an increased focus on cybersecurity around the world, and Spain is no exception. Cybersecurity experts indicate that 2020 was a record-breaking year for cyberattacks. ESET, being a cybersecurity company in the European Union, pointed out that between the first and fourth quarter of 2020 cyber-attacks increased by 768%. This is mainly due to the fact that cybercriminals due to the teleworking situation in which society was in took advantage of the lack of security measures by companies. In 2021, it has been possible to observe how cybercriminals have adjusted in record time to the new situation managing to maximize profits through more complex and advanced cyberattacks. This is why companies detect the need for cybersecurity solutions that are capable of dealing with the most advanced cyberattacks without changing their work habits. Having an antivirus is no longer enough. Today, companies need to identify, stop and fix security breaches. SMEs, the main target of cybercriminals Attacks on both large companies and public administrations are on the rise. A recent example occurred in Castellón, where there was a cyberattack on the database of the Castellón de la Plana City Council. As a result of this attack, data on victims of abuse, police reports and passwords were uncovered. Another example could be the cyber-attack suffered by Phone House, which damaged the data of three million customers. However, it should be noted that the companies mainly affected in our country are SMEs. According to information provided by the Guardia Civil, 70% of small and medium-sized companies are affected.  Moreover, The United Nations International Telecommunication Union...